Do (competent) black-hat hackers actually use things like Kali Linux or is that really only a meme/used for pen testing

What would they use to be as secure/anonymous as possible? Tails? Gentoo? Mac OS X?

Stay away CIA

Some use Kali on a USB, that way there is no forensic evidence on your host should you get popped. Here's the thing about Kali: it's infinitely useful, for both black and white hat activities. Black hats can take advantage of the SET to deliver their bespoke payloads, or whip up a quick and dirty c2 server. They can write custom Metasploit packages that leverage what Metasploit is really good at, to fire off their exploits.

The actual exploit development is where Kali breaks. It doesn't include any hardcore fuzzing solutions (though Metasploit had a few high level options) and no reversing tools, but they can be installed.

Kali is just a distro with "hacking" packages preinstalled, you could run a script on any distro to make it just like Kali

Can’t all those things be installed on any distro?
I’d assume something like Kali would be a prime target for the NSA or FBI to have backdoors/zero days for

That’s what I thought, wouldn’t Tails be more appropriate
Can be run from a USB too

It's really a point of personal preference IMO

>black hat
kali all the way! haxorrs 4 life!

>competent
Gentoo probably. If you are in a situation where a slip up is going to cost you, be it black hat, CIA, private security, you aren't going to trust someone else's binaries; you'll build things yourself with Gentoo, and eventually make your own distro with a private repo if scalability starts to be a concern

Security doesn’t really seem like a personal preference in that line of work
I’m curious if “libre” software is at all involved

That makes sense

Try to install Metasploit on Debian. I'll wait

Actually redpilled

OpenBSD would be my guess.

Why wouldn’t it work
I’m retarded btw

any hacker who's not a LARPing skiddy will have enough compromising evidence that he NEEDS to have (info about the target, data from the target, leaked source code, passwords, custom scripts, etc.) that an incognito system won't be any better than plausibly deniable encryption, and will actually be a pain in the ass to work with day to day
Kali is in fact a toy OS for wannabes
Tails is ok for basic web browsing but anything more serious will require something similar to Qubes

Nobody has the time to audit everything they compile. Even if you do do (doodoo, lol) that, a truly secure system has to be proofed at many levels. At one point or another, you'll have to give up and trust someone else's word. Making that distinction at the point between binaries you compiled and binaries someone else compiled is weak.

>what is the trusting trust dilemma


I'd bet most competent hackers *want* to use OpenBSD, but are missing a driver or something

AFAIK, OpenBSD has 2 main problems:
- hardware support
- good filesystem support (something atomic like ZFS)

>can't audit everything man. just go with the flow
the difference between source and binaries is that you can easily diff source; you can't diff a binary and easily see what changed

idk, what is it user?

Wouldn't the ideal be running Kali in a VM through a Whonix gateway running in Qubes OS? Or am I missing something?

The average hacker is your fail2ban ukrainian
a black hat hacker will use whatever setup they prefer
>Kali is in fact a toy OS for wannabes
not really, it's just a distro with a bunch of programs preinstalled. take that and add some in house nsa tools and you're halfway to being a ctn/17c at ft meade

kali is a distribution, same tools you can get anywhere, just convenient as fuck

look it up
after you learn about that look up "diverse double compiling" to learn about one of the possible mitigations

You can trust someone to have compiled the binary with a given source file. They'll give you a hash of the binary.
You download that binary from some other distributor. Once you download it, you run it through the same hash, using software you trust, and verify by eye that you got the exact same binary you and your friend got.

This is just the same level of trust as diff-ing source codes.
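The procedure described in this post, as an added example that is not part of the thread: parse a sha256sum-style checksum list, hash the downloaded bytes with a hash implementation you trust, and compare digests in code rather than by eye. The binaries, the checksum file and the file names are constructed sample data, and the strict parser rejects malformed entries so a truncated or hand-edited checksum line can never "match".

```python
import hashlib
import hmac

# Constructed sample artefacts: pretend these are two copies of a downloaded tool.
GOOD_BINARY = b"\x7fELF" + b"\x00" * 12 + b"constructed sample program v1"
TAMPERED_BINARY = b"\x7fELF" + b"\x00" * 12 + b"constructed sample program v2"


def sha256_hex(data: bytes) -> str:
    """The hash the friend published and the hash we recompute locally."""
    return hashlib.sha256(data).hexdigest()


# Constructed checksum list in the layout sha256sum emits: "<64 hex>  <name>".
# The digest is computed here only so the sample stays self-consistent.
CHECKSUM_FILE = (
    f"{sha256_hex(GOOD_BINARY)}  tool-v1\n"
    "# comment lines and blank lines are ignored\n"
    "\n"
)

# Constructed malformed list: a short, hand-typed digest that must be rejected.
BAD_CHECKSUM_FILE = "deadbeef  tool-v1\n"


def parse_checksums(text: str) -> dict:
    """Return {filename: lowercase hex digest}.

    Every entry must be exactly 64 hex characters, two spaces, a name
    (a leading '*' marks sha256sum's binary mode and is stripped).
    Anything else raises instead of being silently skipped.
    """
    sums = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        digest = digest.lower()
        hex_ok = len(digest) == 64 and all(c in "0123456789abcdef" for c in digest)
        if sep != "  " or not hex_ok or not name:
            raise ValueError(f"line {lineno}: malformed checksum entry")
        sums[name.lstrip("*")] = digest
    return sums


def verify(data: bytes, expected_hex: str) -> bool:
    """Hash the bytes we actually received and compare against the published digest.

    compare_digest is constant-time; more importantly it is not a human
    squinting at 64 hex characters, which is where by-eye checks go wrong.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def verify_download(name: str, data: bytes, checksum_text: str) -> bool:
    """Look the file up in the checksum list and verify it; a file with no
    published checksum is an error, never a pass."""
    sums = parse_checksums(checksum_text)
    if name not in sums:
        raise KeyError(f"{name}: no checksum published for this file")
    return verify(data, sums[name])


if __name__ == "__main__":
    print("good copy   :", verify_download("tool-v1", GOOD_BINARY, CHECKSUM_FILE))
    print("tampered    :", verify_download("tool-v1", TAMPERED_BINARY, CHECKSUM_FILE))
```

The point the next replies make still stands: this tells you the two copies are byte-identical, and nothing about whether the source they were built from is what you think it is.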

Performance probably

You’ll be able to tell something has changed, but you won’t know what was changed unless you have the source

How is that useful?
When downloading any piece of software, you either get exactly what you asked for, or you didn't. Save yourself the trouble of auditing and find a better distributor.

That's some impressive mental gymnastics to promote using binaries, but my point was that the diff will be human readable; you can look at what was changed, read the commit notes if it looks suspicious, and so on.

You need to trust/evaluate the source regardless, so trusting someone else to compile is literally + objectively worse.

TLDR: If you're willing to trust your distributor, you're probably not in:
>a situation where a slip up is going to cost you

>you can't diff a binary

lol are you serious? bin diffing is what hackers use to reverse engineer closed source patches in everything from windows to router firmware. there are tons of binary diffing tools and most are based on ida pro. hashing is faster as long as you trust the hashes, but for bin diffing you need the original and the new binary.

learn to read user:
>you can't diff a binary AND easily see what changed
reverse engineering bindiffs is possible =/= bindiffs are easier to read than patch diffs
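The distinction this reply and the earlier "you'll be able to tell something has changed, but you won't know what" post are drawing, as an added example that is not from the thread: the same one-line change viewed as a source diff and as a byte-level diff of the built artefact. The sources are constructed; as a stand-in for a compiler the example serialises real Python bytecode with marshal, which is a genuine binary artefact derived from the source and enough to show the contrast (the byte offsets and counts it reports depend on the interpreter version and are not the point).

```python
import difflib
import hashlib
import marshal

# Constructed sample program, version 1.
SOURCE_V1 = """\
def scale(x):
    return x * 2

def check(token, expected):
    return token == expected
"""

# Version 2: one logic change a reviewer would want to see.
SOURCE_V2 = SOURCE_V1.replace(
    "return token == expected",
    "return True  # constructed: check now always passes",
)

# Version 3: a comment-only change that does not touch behaviour.
SOURCE_V3 = SOURCE_V1.replace("def scale(x):", "def scale(x):  # reviewed")


def build(source: str) -> bytes:
    """Stand-in for compiling: compile to bytecode and serialise it with marshal.
    The result is an opaque binary blob derived deterministically from the source."""
    return marshal.dumps(compile(source, "sample.py", "exec"))


def source_diff(old: str, new: str) -> list:
    """What a source diff gives a reviewer: the changed lines, readable as code."""
    return list(difflib.unified_diff(
        old.splitlines(), new.splitlines(), "v1", "v2", lineterm=""))


def binary_diff(old: bytes, new: bytes) -> dict:
    """What a byte-level comparison gives: that the artefacts differ, roughly
    how much and where, but nothing that reads as a change in meaning."""
    differing = [i for i, (a, b) in enumerate(zip(old, new)) if a != b]
    size_delta = len(new) - len(old)
    if differing:
        first = differing[0]
    elif size_delta:
        first = min(len(old), len(new))
    else:
        first = None
    return {
        "same_hash": hashlib.sha256(old).digest() == hashlib.sha256(new).digest(),
        "size_delta": size_delta,
        "differing_bytes": len(differing) + abs(size_delta),
        "first_offset": first,
    }


if __name__ == "__main__":
    print("\n".join(source_diff(SOURCE_V1, SOURCE_V2)))
    print(binary_diff(build(SOURCE_V1), build(SOURCE_V2)))
    # Comment-only edit: the built artefact is byte-identical, so a hash check
    # passes even though the source you would have reviewed has changed.
    print(binary_diff(build(SOURCE_V1), build(SOURCE_V3)))
```

The third comparison is the caveat that cuts both ways in this argument: hashes compare what was built, not what was written, so a hash match tells you nothing about source you have not read, and a hash mismatch tells you only that you now need the source.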

please stop spamming your stupidity, this question was about what competent blackhats would do, not wannabe script kiddies

It literally doesn't fucking matter
If you can run a compiler, have IDA, and have a fuzzing hypervisor for your OS of choice you're good to go

Bump

it'll work on any distro, it's open source. just download the code and compile it.

zdnet.com/article/french-cyber-security-agency-open-sources-clip-os-a-security-hardened-os/

Kali is just Ubuntu with a bunch of security packages preinstalled.
A lot probably use Kali just for the convenience of having all of the packages preinstalled, but you can install them on any OS.

>so I see you're running gnome

most of us hackers actually use blackarch
and yeah I'm taking a hacking class in college starting in January so I know a thing or two


anything over 100 byte difference is too suspicious to attempt to reverse and why would you use diffs instead of a hash? are you comparing stuff that is compiled from the same source and trying to find enough similarity to be convinced the binary isn't different because of different compiler optimizations/options? what scenario do you propose where diffing is better than hashing? you can use precompiled binaries because it lets you hide among the noise. you can get 0day'd more easily, but if that's your threat model then you need a whole different level of overall security.

Have you ever diff'd a closed source binary? If so, were there more or less than 100 bytes difference after a patch?

real hackers use BSD

there was only 99 bytes difference usually, if there is 100 I reject the patch

How many bytes different is Moot's cock now that he sold Jow Forums?

Just 2 nibbles difference

Hackers use whatever. Kali is convenient because it comes with a shitload of tools standard, and the package manager has loads more. It's a debian build so doing stuff with it is easy.

>stay away cia
Don't worry, the iphone you post off has backdoors ready anytime :^)

Kek that's my setup
You can stop stalking me now Mr cia


dericious infos danke onee chan

I know, gotta start somewhere

Fuck off Jordan.

Why does Elliot have such shit taste in DEs?

> and yeah I'm taking a hacking class in college starting in January so I know a thing or two

lol fuck you namefag if that is a joke it's pretty good

Kali is Debian, not Ubuntu

I use someone else's computer.
preferably from somewhere very far from me.

Well then, you're an idiot if it doesn't "seem" that way. Kali, Tails, Fed sec labs, etc don't use anything special. Those tools are all available by default in basically every distro's repos. Those configurations they make to make what is sane for them are not random or complex.

Also, thinking Tails and Kali are somehow interchangeable or have similar goals shows a profound lack of understanding.

If they can get away with it, sure. Not just for combating hackers (or script kiddies from Jow Forums), but if you can hide a back door under the noses of all those penetration testers using Kali, they'll carry it to every corporate system they audit.

Pentoo, Alpine, or Qubes

use caine

Competent hackers don't use computers, they do social engineering

>What would they use to be as secure/anonymous as possible?
Homing pigeon.

Wrong and retarded
SE is absolute skid shit and won't get you into anything properly secured

No shit that’s why I asked faggot

You guys asked so I will tell you.
DSL

This is a great thread. TIL that I'm completely safe from every one of you.

>Not using a different device, location, public wifi, vpn, in addition to the tor network each time along with kali linux on a flash drive with luks encrypted persistence.
user

throw gentoo in the trash and stick with debian at that point.

I feel like I'm one of the very few people in the world that understands kali is supposed to be used as a live system, not as an installed OS.